XWIKI-21949: Restrict the execution of script macros during a realtime WYSIWYG editing session
* Fix a bug in EntityChannelScriptAuthorTracker which didn't lower / update the script level when the target entity reference had initially a low script level (e.g. when two users edit a page whose last author didn't have script right, one of them could use the rights of the other to execute scripts) * Assume that a request can submit data associated with multiple documents (or document translations) so don't try to determine the entity that is targeted by the request; simply compute the effective author by taking the most recent author with the least script rights * Update since versions (cherry picked from commit fa1c0fb1)
Showing
- xwiki-platform-core/xwiki-platform-netflux/xwiki-platform-netflux-api/pom.xml 1 addition, 6 deletions...xwiki-platform-netflux/xwiki-platform-netflux-api/pom.xml
- xwiki-platform-core/xwiki-platform-netflux/xwiki-platform-netflux-api/src/main/java/org/xwiki/netflux/EntityChannelStore.java 2 additions, 2 deletions...i/src/main/java/org/xwiki/netflux/EntityChannelStore.java
- xwiki-platform-core/xwiki-platform-netflux/xwiki-platform-netflux-api/src/main/java/org/xwiki/netflux/internal/EffectiveAuthorSetterListener.java 26 additions, 30 deletions...xwiki/netflux/internal/EffectiveAuthorSetterListener.java
- xwiki-platform-core/xwiki-platform-netflux/xwiki-platform-netflux-api/src/main/java/org/xwiki/netflux/internal/EntityChange.java 2 additions, 2 deletions...rc/main/java/org/xwiki/netflux/internal/EntityChange.java
- xwiki-platform-core/xwiki-platform-netflux/xwiki-platform-netflux-api/src/main/java/org/xwiki/netflux/internal/EntityChannelScriptAuthorBot.java 2 additions, 2 deletions.../xwiki/netflux/internal/EntityChannelScriptAuthorBot.java
- xwiki-platform-core/xwiki-platform-netflux/xwiki-platform-netflux-api/src/main/java/org/xwiki/netflux/internal/EntityChannelScriptAuthorTracker.java 5 additions, 75 deletions...ki/netflux/internal/EntityChannelScriptAuthorTracker.java
- xwiki-platform-core/xwiki-platform-netflux/xwiki-platform-netflux-api/src/test/java/org/xwiki/netflux/internal/EffectiveAuthorSetterListenerTest.java 16 additions, 20 deletions...i/netflux/internal/EffectiveAuthorSetterListenerTest.java
- xwiki-platform-core/xwiki-platform-netflux/xwiki-platform-netflux-api/src/test/java/org/xwiki/netflux/internal/EntityChannelScriptAuthorTrackerTest.java 1 addition, 54 deletions...etflux/internal/EntityChannelScriptAuthorTrackerTest.java
Loading
Please register or sign in to comment